SAML "Failed to determine the state of the SSO redirect"


I have a Grafana account configured that was previously working fine. When I attempted to login recently I am receive a "Failed to determine the state of the SSO redirect" message. Any ideas on what is causing the error and unsuccessful attempts to log into Grafana?

질문됨 2년 전419회 조회
1개 답변


Failed to determine the state of the SSO redirect error usually occurs while signing into Amazon Managed Grafana workspace using a SAML IdP. Kindly note, when a user try to login and the authentication is successful at SAML IdP side, the SAML IdP will send a SAML Assertion file to AMG, and AMG will parse the incoming SAML assertion from SAML IdP to use the attributes within the "AttributeStatement" tags for identifying the user access level.

Thus, the above error usually occurs due to :-

  1. Single sign on URL in your IdP is not setup correctly i.e. ACS / Redirect URL is not correct.
  2. SAML Assertion Response received from IdP do not contain the required attributes
  3. SAML Assertion Response not following UTF-8
  4. SAML IdP's certificate expired

As you already mentioned that the setup was working fine previously but started throwing the errors recently. It could be possible due to SAML IdP's certificate expired. However, it is also possible that the SAML IdP application might have been modified.

Thus, please verify your SAML IdP setup according to SAML Setup documentation, and also ensure the certificate is not expired.

If the suggestions above do not help resolve the issue, we might need to troubleshoot based on your configurations. Could you please create a support case, so we may discuss details on your resource configurations?

Please do not post any sensitive information over re:Post since this is a public platform.

As always, feel free to reach back with any further questions or concerns in the meantime!

지원 엔지니어
답변함 2년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠